package org.eclipse.californium.scandium.dtls.cipher;

import com.huawei.smarthome.common.lib.constants.Constants;
import com.qihoo360.replugin.ext.parser.struct.ChunkType;
import java.lang.reflect.Method;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.EllipticCurve;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import javax.security.auth.Destroyable;
import org.eclipse.californium.elements.util.Bytes;
import org.eclipse.californium.elements.util.JceProviderUtil;
import org.eclipse.californium.elements.util.StringUtil;
import org.eclipse.californium.scandium.util.SecretUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes23.dex */
public final class XECDHECryptography implements Destroyable {
    private static final ThreadLocalKeyAgreement ECDH_KEY_AGREEMENT;
    private static final String ECDH_KEY_AGREEMENT_ALGORITHM = "ECDH";
    private static final Map<EllipticCurve, SupportedGroup> EC_CURVE_MAP_BY_CURVE;
    private static final Map<Integer, SupportedGroup> EC_CURVE_MAP_BY_ID;
    private static final ThreadLocalKeyPairGenerator EC_KEYPAIR_GENERATOR;
    private static final String EC_KEYPAIR_GENERATOR_ALGORITHM = "EC";
    private static final ThreadLocalKeyFactory EC_KEY_FACTORY;
    private static final String EC_KEY_FACTORY_ALGORITHM = "EC";
    public static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) XECDHECryptography.class);
    private static final ThreadLocalKeyPairGenerator XDH_KEYPAIR_GENERATOR;
    private static final String XDH_KEYPAIR_GENERATOR_ALGORITHM = "XDH";
    private static final ThreadLocalKeyAgreement XDH_KEY_AGREEMENT;
    private static final String XDH_KEY_AGREEMENT_ALGORITHM = "XDH";
    public static final ThreadLocalKeyFactory XDH_KEY_FACTORY;
    private static final String XDH_KEY_FACTORY_ALGORITHM = "XDH";
    private static volatile XDHPublicKeyApi xDHPublicKeyApi;
    private final byte[] encodedPoint;
    private PrivateKey privateKey;
    private final PublicKey publicKey;
    private final SupportedGroup supportedGroup;

    /* loaded from: classes23.dex */
    public static class Initialize {
        private static final SupportedGroup[] PREFERRED = {SupportedGroup.secp256r1, SupportedGroup.X25519, SupportedGroup.X448, SupportedGroup.secp384r1};
        private static final List<SupportedGroup> PREFERRED_GROUPS;
        private static final List<SupportedGroup> USABLE_GROUPS;

        static {
            ArrayList arrayList = new ArrayList();
            ArrayList arrayList2 = new ArrayList();
            for (SupportedGroup supportedGroup : SupportedGroup.values()) {
                if (supportedGroup.isUsable()) {
                    arrayList.add(supportedGroup);
                }
            }
            for (SupportedGroup supportedGroup2 : PREFERRED) {
                if (supportedGroup2.isUsable()) {
                    arrayList2.add(supportedGroup2);
                }
            }
            if (arrayList2.isEmpty() && !arrayList.isEmpty()) {
                arrayList2.add(arrayList.get(0));
            }
            USABLE_GROUPS = Collections.unmodifiableList(arrayList);
            PREFERRED_GROUPS = Collections.unmodifiableList(arrayList2);
        }

        private Initialize() {
        }
    }

    /* loaded from: classes23.dex */
    public enum SupportedGroup {
        sect163k1(1, false),
        sect163r1(2, false),
        sect163r2(3, false),
        sect193r1(4, false),
        sect193r2(5, false),
        sect233k1(6, false),
        sect233r1(7, false),
        sect239k1(8, false),
        sect283k1(9, false),
        sect283r1(10, false),
        sect409k1(11, false),
        sect409r1(12, false),
        sect571k1(13, false),
        sect571r1(14, false),
        secp160k1(15, false),
        secp160r1(16, false),
        secp160r2(17, false),
        secp192k1(18, false),
        secp192r1(19, false),
        secp224k1(20, false),
        secp224r1(21, false),
        secp256k1(22, false),
        secp256r1(23, true),
        secp384r1(24, true),
        secp521r1(25, false),
        brainpoolP256r1(26, false),
        brainpoolP384r1(27, false),
        brainpoolP512r1(28, false),
        X25519(29, 32, "XDH", true),
        X448(30, 56, "XDH", true),
        ffdhe2048(256, false),
        ffdhe3072(257, false),
        ffdhe4096(258, false),
        ffdhe6144(ChunkType.XML_END_ELEMENT, false),
        ffdhe8192(260, false),
        arbitrary_explicit_prime_curves(65281, false),
        arbitrary_explicit_char2_curves(65282, false);

        private final String algorithmName;
        private final byte[] asn1header;
        private final int encodedPointSizeInBytes;
        private final int id;
        private final ThreadLocalKeyFactory keyFactory;
        private final int keySizeInBytes;
        private final boolean recommended;
        private final boolean usable;

        SupportedGroup(int i, int i2, String str, boolean z) {
            boolean z2;
            this.id = i;
            this.algorithmName = str;
            this.keySizeInBytes = i2;
            this.encodedPointSizeInBytes = i2;
            this.recommended = z;
            byte[] bArr = null;
            try {
                KeyPairGenerator currentWithCause = XECDHECryptography.XDH_KEYPAIR_GENERATOR.currentWithCause();
                currentWithCause.initialize(new ECGenParameterSpec(name()), RandomManager.currentSecureRandom());
                byte[] encoded = currentWithCause.generateKeyPair().getPublic().getEncoded();
                bArr = Arrays.copyOf(encoded, encoded.length - i2);
                z2 = true;
            } catch (Throwable th) {
                XECDHECryptography.LOGGER.trace("Group [{}] is not supported by JCE! {}", name(), th.getMessage());
                z2 = false;
            }
            this.usable = z2;
            this.asn1header = bArr;
            this.keyFactory = XECDHECryptography.XDH_KEY_FACTORY;
            XECDHECryptography.EC_CURVE_MAP_BY_ID.put(Integer.valueOf(i), this);
        }

        /* JADX WARN: Removed duplicated region for block: B:11:0x007f  */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        SupportedGroup(int r10, boolean r11) {
            /*
                r7 = this;
                r7.<init>(r8, r9)
                r7.id = r10
                java.lang.String r8 = "EC"
                r7.algorithmName = r8
                r7.recommended = r11
                r8 = 0
                r9 = 1
                r11 = 0
                org.eclipse.californium.scandium.dtls.cipher.ThreadLocalKeyPairGenerator r0 = org.eclipse.californium.scandium.dtls.cipher.XECDHECryptography.access$100()     // Catch: java.lang.Throwable -> L61
                java.lang.Object r0 = r0.currentWithCause()     // Catch: java.lang.Throwable -> L61
                java.security.KeyPairGenerator r0 = (java.security.KeyPairGenerator) r0     // Catch: java.lang.Throwable -> L61
                java.security.spec.ECGenParameterSpec r1 = new java.security.spec.ECGenParameterSpec     // Catch: java.lang.Throwable -> L61
                java.lang.String r2 = r7.name()     // Catch: java.lang.Throwable -> L61
                r1.<init>(r2)     // Catch: java.lang.Throwable -> L61
                java.security.SecureRandom r2 = org.eclipse.californium.scandium.dtls.cipher.RandomManager.currentSecureRandom()     // Catch: java.lang.Throwable -> L61
                r0.initialize(r1, r2)     // Catch: java.lang.Throwable -> L61
                java.security.KeyPair r0 = r0.generateKeyPair()     // Catch: java.lang.Throwable -> L61
                java.security.PublicKey r0 = r0.getPublic()     // Catch: java.lang.Throwable -> L61
                java.security.interfaces.ECPublicKey r0 = (java.security.interfaces.ECPublicKey) r0     // Catch: java.lang.Throwable -> L61
                java.security.spec.ECParameterSpec r1 = r0.getParams()     // Catch: java.lang.Throwable -> L61
                java.security.spec.EllipticCurve r1 = r1.getCurve()     // Catch: java.lang.Throwable -> L61
                java.security.spec.ECField r2 = r1.getField()     // Catch: java.lang.Throwable -> L61
                int r2 = r2.getFieldSize()     // Catch: java.lang.Throwable -> L61
                int r2 = r2 + 8
                int r2 = r2 - r9
                int r2 = r2 / 8
                int r3 = r2 * 2
                int r3 = r3 + r9
                java.util.Map r4 = org.eclipse.californium.scandium.dtls.cipher.XECDHECryptography.access$200()     // Catch: java.lang.Throwable -> L5e
                r4.put(r1, r7)     // Catch: java.lang.Throwable -> L5e
                byte[] r0 = r0.getEncoded()     // Catch: java.lang.Throwable -> L5e
                int r4 = r0.length     // Catch: java.lang.Throwable -> L5c
                int r4 = r4 - r3
                byte[] r8 = java.util.Arrays.copyOf(r0, r4)     // Catch: java.lang.Throwable -> L5c
                goto L76
            L5c:
                r1 = move-exception
                goto L65
            L5e:
                r1 = move-exception
                r0 = r8
                goto L65
            L61:
                r1 = move-exception
                r0 = r8
                r2 = r11
                r3 = r2
            L65:
                org.slf4j.Logger r4 = org.eclipse.californium.scandium.dtls.cipher.XECDHECryptography.LOGGER
                java.lang.String r5 = r7.name()
                java.lang.String r1 = r1.getMessage()
                java.lang.String r6 = "Group [{}] is not supported by JCE! {}"
                r4.trace(r6, r5, r1)
                r1 = r8
                r8 = r0
            L76:
                r7.keySizeInBytes = r2
                r7.encodedPointSizeInBytes = r3
                r7.asn1header = r8
                if (r1 == 0) goto L7f
                goto L80
            L7f:
                r9 = r11
            L80:
                r7.usable = r9
                org.eclipse.californium.scandium.dtls.cipher.ThreadLocalKeyFactory r8 = org.eclipse.californium.scandium.dtls.cipher.XECDHECryptography.access$300()
                r7.keyFactory = r8
                java.util.Map r8 = org.eclipse.californium.scandium.dtls.cipher.XECDHECryptography.access$400()
                java.lang.Integer r9 = java.lang.Integer.valueOf(r10)
                r8.put(r9, r7)
                return
            */
            throw new UnsupportedOperationException("Method not decompiled: org.eclipse.californium.scandium.dtls.cipher.XECDHECryptography.SupportedGroup.<init>(java.lang.String, int, int, boolean):void");
        }

        public static SupportedGroup fromId(int i) {
            return (SupportedGroup) XECDHECryptography.EC_CURVE_MAP_BY_ID.get(Integer.valueOf(i));
        }

        public static SupportedGroup fromPublicKey(PublicKey publicKey) {
            if (publicKey != null) {
                if (publicKey instanceof ECPublicKey) {
                    return (SupportedGroup) XECDHECryptography.EC_CURVE_MAP_BY_CURVE.get(((ECPublicKey) publicKey).getParams().getCurve());
                }
                if (XECDHECryptography.xDHPublicKeyApi == null || !XECDHECryptography.xDHPublicKeyApi.isSupporting(publicKey)) {
                    String edDsaStandardAlgorithmName = JceProviderUtil.getEdDsaStandardAlgorithmName(publicKey.getAlgorithm(), null);
                    if ("OID.1.3.101.112".equals(edDsaStandardAlgorithmName) || "EdDSA".equalsIgnoreCase(edDsaStandardAlgorithmName)) {
                        return X25519;
                    }
                    if ("OID.1.3.101.113".equals(edDsaStandardAlgorithmName)) {
                        return X448;
                    }
                    XECDHECryptography.LOGGER.warn("No supported curve {}/{}", publicKey.getAlgorithm(), edDsaStandardAlgorithmName);
                } else {
                    try {
                        return valueOf(XECDHECryptography.xDHPublicKeyApi.getCurveName(publicKey));
                    } catch (GeneralSecurityException unused) {
                    }
                }
            }
            return null;
        }

        public static List<SupportedGroup> getPreferredGroups() {
            return Initialize.PREFERRED_GROUPS;
        }

        public static List<SupportedGroup> getUsableGroups() {
            return Initialize.USABLE_GROUPS;
        }

        public static SupportedGroup[] getUsableGroupsArray() {
            return (SupportedGroup[]) Initialize.USABLE_GROUPS.toArray(new SupportedGroup[Initialize.USABLE_GROUPS.size()]);
        }

        public static boolean isEcPublicKey(PublicKey publicKey) {
            if (publicKey instanceof ECPublicKey) {
                return true;
            }
            return XECDHECryptography.xDHPublicKeyApi != null && XECDHECryptography.xDHPublicKeyApi.isSupporting(publicKey);
        }

        public static boolean isSupported(List<SupportedGroup> list, List<X509Certificate> list2) {
            SupportedGroup fromPublicKey;
            Iterator<X509Certificate> it = list2.iterator();
            while (it.hasNext()) {
                PublicKey publicKey = it.next().getPublicKey();
                if (isEcPublicKey(publicKey) && ((fromPublicKey = fromPublicKey(publicKey)) == null || !fromPublicKey.isUsable() || !list.contains(fromPublicKey))) {
                    return false;
                }
            }
            return true;
        }

        public PublicKey decodedPoint(byte[] bArr) throws GeneralSecurityException {
            if (bArr == null) {
                throw new NullPointerException("encoded point must not be null!");
            }
            if (this.encodedPointSizeInBytes == bArr.length) {
                return this.keyFactory.currentWithCause().generatePublic(new X509EncodedKeySpec(Bytes.concatenate(this.asn1header, bArr)));
            }
            throw new IllegalArgumentException("encoded point must have " + this.encodedPointSizeInBytes + " bytes, not " + bArr.length + "!");
        }

        public byte[] encodedPoint(PublicKey publicKey) throws GeneralSecurityException {
            if (publicKey == null) {
                throw new NullPointerException("public key must not be null!");
            }
            byte[] encoded = publicKey.getEncoded();
            if (encoded != null) {
                return Arrays.copyOfRange(encoded, this.asn1header.length, encoded.length);
            }
            throw new GeneralSecurityException(name() + " not supported!");
        }

        public String getAlgorithmName() {
            return this.algorithmName;
        }

        public int getEncodedPointSizeInBytes() {
            return this.encodedPointSizeInBytes;
        }

        public int getId() {
            return this.id;
        }

        public int getKeySizeInBytes() {
            return this.keySizeInBytes;
        }

        public boolean isRecommended() {
            return this.recommended;
        }

        public boolean isUsable() {
            return this.usable;
        }
    }

    /* loaded from: classes23.dex */
    public interface XDHPublicKeyApi {
        String getCurveName(PublicKey publicKey) throws GeneralSecurityException;

        boolean isSupporting(PublicKey publicKey);
    }

    /* loaded from: classes23.dex */
    public static class XDHPublicKeyReflection implements XDHPublicKeyApi {
        private final Method NamedParameterSpecGetName;
        private final Class<?> XECPublicKeyClass;
        private final Method XECPublicKeyGetParams;

        private XDHPublicKeyReflection(Class<?> cls) {
            if (cls == null) {
                throw new NullPointerException("XECPublicKeyClass must not be null!");
            }
            this.XECPublicKeyClass = cls;
            this.XECPublicKeyGetParams = null;
            this.NamedParameterSpecGetName = null;
        }

        private XDHPublicKeyReflection(Class<?> cls, Method method, Method method2) {
            if (cls == null) {
                throw new NullPointerException("XECPublicKeyClass must not be null!");
            }
            if (method == null) {
                throw new NullPointerException("XECPublicKeyGetParams must not be null!");
            }
            if (method2 == null) {
                throw new NullPointerException("NamedParameterSpecGetName must not be null!");
            }
            this.XECPublicKeyClass = cls;
            this.XECPublicKeyGetParams = method;
            this.NamedParameterSpecGetName = method2;
        }

        public static /* synthetic */ XDHPublicKeyApi access$000() {
            return init();
        }

        private static XDHPublicKeyApi init() {
            try {
                if (JceProviderUtil.usesBouncyCastle()) {
                    return new XDHPublicKeyReflection(Class.forName("org.bouncycastle.jcajce.provider.asymmetric.edec.BCXDHPublicKey"));
                }
                Method method = Class.forName("java.security.spec.NamedParameterSpec").getMethod("getName", new Class[0]);
                Class<?> cls = Class.forName("java.security.interfaces.XECPublicKey");
                return new XDHPublicKeyReflection(cls, cls.getMethod("getParams", new Class[0]), method);
            } catch (Throwable unused) {
                XECDHECryptography.LOGGER.info("X25519/X448 not supported!");
                return null;
            }
        }

        @Override // org.eclipse.californium.scandium.dtls.cipher.XECDHECryptography.XDHPublicKeyApi
        public String getCurveName(PublicKey publicKey) throws GeneralSecurityException {
            if (!this.XECPublicKeyClass.isInstance(publicKey)) {
                throw new GeneralSecurityException(publicKey.getAlgorithm() + " not supported!");
            }
            Method method = this.XECPublicKeyGetParams;
            if (method == null || this.NamedParameterSpecGetName == null) {
                return publicKey.getAlgorithm();
            }
            try {
                return (String) this.NamedParameterSpecGetName.invoke(method.invoke(publicKey, new Object[0]), new Object[0]);
            } catch (Exception e) {
                throw new GeneralSecurityException("X25519/X448 not supported by JRE!", e);
            }
        }

        @Override // org.eclipse.californium.scandium.dtls.cipher.XECDHECryptography.XDHPublicKeyApi
        public boolean isSupporting(PublicKey publicKey) {
            return this.XECPublicKeyClass.isInstance(publicKey);
        }
    }

    static {
        JceProviderUtil.init();
        EC_KEYPAIR_GENERATOR = new ThreadLocalKeyPairGenerator("EC");
        XDH_KEYPAIR_GENERATOR = new ThreadLocalKeyPairGenerator("XDH");
        EC_KEY_FACTORY = new ThreadLocalKeyFactory("EC");
        XDH_KEY_FACTORY = new ThreadLocalKeyFactory("XDH");
        ECDH_KEY_AGREEMENT = new ThreadLocalKeyAgreement(ECDH_KEY_AGREEMENT_ALGORITHM);
        XDH_KEY_AGREEMENT = new ThreadLocalKeyAgreement("XDH");
        xDHPublicKeyApi = XDHPublicKeyReflection.access$000();
        EC_CURVE_MAP_BY_ID = new HashMap();
        EC_CURVE_MAP_BY_CURVE = new HashMap();
    }

    public XECDHECryptography(SupportedGroup supportedGroup) throws GeneralSecurityException {
        KeyPair generateKeyPair;
        if (supportedGroup.getAlgorithmName().equals("EC")) {
            KeyPairGenerator currentWithCause = EC_KEYPAIR_GENERATOR.currentWithCause();
            currentWithCause.initialize(new ECGenParameterSpec(supportedGroup.name()), RandomManager.currentSecureRandom());
            generateKeyPair = currentWithCause.generateKeyPair();
        } else {
            if (!supportedGroup.getAlgorithmName().equals("XDH")) {
                throw new GeneralSecurityException(supportedGroup.name() + " not supported by KeyPairGenerator!");
            }
            KeyPairGenerator currentWithCause2 = XDH_KEYPAIR_GENERATOR.currentWithCause();
            currentWithCause2.initialize(new ECGenParameterSpec(supportedGroup.name()), RandomManager.currentSecureRandom());
            generateKeyPair = currentWithCause2.generateKeyPair();
        }
        this.privateKey = generateKeyPair.getPrivate();
        PublicKey publicKey = generateKeyPair.getPublic();
        this.publicKey = publicKey;
        this.supportedGroup = supportedGroup;
        byte[] encodedPoint = supportedGroup.encodedPoint(publicKey);
        this.encodedPoint = encodedPoint;
        check("OUT: ", publicKey, encodedPoint);
    }

    private void check(String str, PublicKey publicKey, byte[] bArr) throws GeneralSecurityException {
        Logger logger = LOGGER;
        if (logger.isDebugEnabled()) {
            byte[] encoded = publicKey.getEncoded();
            String byteArray2Hex = StringUtil.byteArray2Hex(encoded);
            String byteArray2Hex2 = StringUtil.byteArray2Hex(bArr);
            if (byteArray2Hex2.length() < byteArray2Hex.length()) {
                byteArray2Hex2 = String.format(Constants.PERCENT_SIGN + byteArray2Hex.length() + "s", byteArray2Hex2);
            }
            logger.debug("{}ASN1 encoded '{}'", str, byteArray2Hex);
            logger.debug("{}DHE  encoded '{}'", str, byteArray2Hex2);
            for (int i = 0; i < bArr.length; i++) {
                if (bArr[(bArr.length - i) - 1] != encoded[(encoded.length - i) - 1]) {
                    throw new GeneralSecurityException("DHE: failed to encoded point! " + this.supportedGroup.name() + ", position: " + i);
                }
            }
        }
    }

    public static void setXDHPublicKeyApi(XDHPublicKeyApi xDHPublicKeyApi2) {
        xDHPublicKeyApi = xDHPublicKeyApi2;
    }

    @Override // javax.security.auth.Destroyable
    public void destroy() {
        this.privateKey = null;
    }

    public SecretKey generateSecret(byte[] bArr) throws GeneralSecurityException {
        KeyAgreement currentWithCause;
        if (this.privateKey == null) {
            throw new IllegalStateException("private key must not be destroyed");
        }
        PublicKey decodedPoint = this.supportedGroup.decodedPoint(bArr);
        if (this.supportedGroup.getAlgorithmName().equals("EC")) {
            currentWithCause = ECDH_KEY_AGREEMENT.currentWithCause();
        } else {
            if (xDHPublicKeyApi == null || !this.supportedGroup.getAlgorithmName().equals("XDH")) {
                throw new GeneralSecurityException(this.supportedGroup.name() + " not supported by JCE!");
            }
            currentWithCause = XDH_KEY_AGREEMENT.currentWithCause();
        }
        check("IN: ", decodedPoint, bArr);
        try {
            currentWithCause.init(this.privateKey);
            currentWithCause.doPhase(decodedPoint, true);
            byte[] generateSecret = currentWithCause.generateSecret();
            SecretKey create = SecretUtil.create(generateSecret, "TlsPremasterSecret");
            Bytes.clear(generateSecret);
            return create;
        } catch (InvalidKeyException e) {
            LOGGER.warn("Fail: {} {}", this.supportedGroup.name(), e.getMessage());
            throw e;
        }
    }

    public byte[] getEncodedPoint() {
        return this.encodedPoint;
    }

    public PublicKey getPublicKey() {
        return this.publicKey;
    }

    public SupportedGroup getSupportedGroup() {
        return this.supportedGroup;
    }

    @Override // javax.security.auth.Destroyable
    public boolean isDestroyed() {
        return this.privateKey == null;
    }
}
